Tag Archives: security
Latest web security problems for Facebook
Tagged as access, change, criminals, Cyber, email, Facebook, McAfee, password, security, spam, web
It's especially bad if cyber criminals gain access to a Facebook user's account because people frequently use the same password for multiple websites and accounts.
Any email ostensibly sent by Facebook that says a new password is available in an attachment should be discarded and reported to the company. Facebook does not reset passwords in this fashion.
"This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam," McAfee wrote on its blog. "This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs."
In recent months, Facebook has been the target of criticism for its lack of action against the spread of malware. Ira Winkler, a Canadian web security professional, sent an email to the company demanding that it remove an ad spreading scareware from the site last month.
Banks boost web security with new program
Tagged as Amit Klein, bank, Flashlight, malware, program, RSA, security, Trusteer, users, web
Currently, banks monitor accounts for unusual activity such as random large purchases or excessive withdrawals. The new software will allow banks to quickly scan these computers to check for potential problems. Banks cannot access the computer without permission from the account holder, who must first install the program.
"Financial institutions and their customers are being targeted by purpose-built malware variants designed to evade detection and commit online fraud, specifically against their brand," said Amit Klein, CTO of Trusteer. "The Trusteer Flashlight service enables banks to counter-strike these targeted attacks."
Any malware discovery will allow the bank to monitor similar activity and protect against future attacks from the particular strain.
At the recent RSA Conference in San Francisco, California, a web security expert for the Federal Deposit Insurance Commission reported that online banking fraud cost banks and users more than $120 million in the third quarter of 2009.
Web security breaches rock Hotmail
Tagged as breaches, change, Hotmail, malware, password, Rob Margel, security, spam, web
Accounts have been hacked in increasing numbers in recent weeks, and the cyber criminals have used the accounts to send spam to the entire contact list of the user. Victims have also reported that their email filter settings and other custom account features were changed following the breach.
"Hotmail is seeing instances of accounts being 'hijacked' by spammers who send emails out advertising an electronics website. The spam mails usually have subjects like 'Good shopping good mood' and may go to your contact list in addition to a random list of emails," Rob Margel of Microsoft wrote on his blog.
The spammers do not change passwords to lock real users out of their accounts, but they do intend to access the account more than once. Changing the password is the only way to prevent further damage.
The origin of the malware is unknown, but the results are similar to phishing attacks that take place on Twitter. The popular social networking site recently announced phishing attacks have become so frequent that it will now scan every link posted to the site for malware.
IE8 best in web security
Tagged as best, Black Hat, IE8, Microsoft, NSS Labs, security, Smartscreen Filter, web
The study pitted IE 8 against the latest versions of Mozilla Firefox, Apple Safari, Google Chrome and Opera 10 and found that IE 8 does far more to weed out malicious software than its competition. NSS cited Microsoft's Smartscreen Filter, which compares URLs to known malicious web addresses and warns users whenever they come into contact with a potentially dangerous program, as the feature responsible for its superior security.
"Generally, at least half of a browser's total protection was achieved in the zero hour. But, Internet Explorer 8 continued to add as much as 30 percent of additional protection over the course of the test. Other browsers added between 2 percent and 14 percent over the course of the test," according to the study.
For Internet Explorer users who have still not updated to IE8, these latest results should be reason enough. In February, at the Black Hat DC Conference in Washington, D.C., Google demonstrated a hole in Internet Explorer 6 that is not present in IE8.
Intel reveals network security compromise
Tagged as 2010, botnet, breach, compromise, infection, Intel, January, Kneber, security
The company has since addressed and removed the infection from its network; the true scope and effects of the cyber attack are unknown. It is not uncommon for Intel to be targeted by cyber criminals. The company says, however, that it is rare for the attacks to be successful.
"One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google," the company states in the report. "We seek to detect and investigate these security incidents and to prevent their recurrence, but in some cases we might be unaware of an incident or its magnitude and effects."
While Intel notes that the compromise came at around the same time as Google's incident, there is nothing tying the attacks together.
The announcement follows the discovery of the Kneber botnet, which is believed to have infected more than 70,000 computers and more than 2,500 corporations worldwide.
FTC probes P2P corporate data leaks
Tagged as corporate, data, file, FTC, leak, leaks, P2P, peer-to-peer, security, sharing
An FTC investigation found financial records, drivers’ license and Social Security numbers available for viewing on P2P networks. Monitor your network traffic, experts say.
The FTC this week notified nearly 100 organizations that personal information, including sensitive data on customers and employees, had leaked onto peer-to-peer (P2P) file-sharing networks.
The file-sharing programs, popular with music and now video enthusiasts, have long been thought to be a pariah in many corporate networks, but apparently either poor security controls or a failure to communicate security policy to employees has resulted in a resurgence of P2P application use on many endpoint machines. The problem, as the FTC puts it so succinctly, is that “when P2P file-sharing software is not configured properly, files not intended for sharing may be accessible to anyone on the P2P network.”
Our site security expert, Kevin Beaver, warned in a 2003 tip that P2P programs “introduce more vulnerabilities and open up more entry points to your network than many security managers ever thought possible.”
Beaver’s advice may be old, but it certainly isn’t outdated:
One of the best ways to keep up with P2P applications on your network is to know your traffic. A simple network analyzer sitting on a network hub on the public side of your firewall can show you what P2P traffic is going in and out of your network. There are P2P “air gap” and firewall products that can help control this. Some content filtering products are also now able to detect and stop P2P traffic.
Businesses should take note of the FTC alert on the P2P breaches. FTC Chairman Jon Leibowitz said the FTC found health-related information, financial records, drivers’ license and Social Security numbers available for viewing on P2P networks.
Leibowitz issued a warning not only to companies, but also to the developers behind the file-sharing programs themselves:
“Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing.”
The FTC said it was conducting an investigation into firms where customer or employee information has been exposed on P2P networks.
The FTC has also established a webpage, Peer-to-Peer File Sharing: A Guide for Business, to educate businesses about the problem.
Cisco Releases Multiple Security Advisories
Tagged as 5500, advisory, ASA, Catalyst, Cisco, FWSM, security, Vulnerabilities
Security advisory cisco-sa-20100217-fwsm addresses a vulnerability in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. Successful and repeated exploitation of this vulnerability could result in a denial-of-service condition.
Security advisory cisco-sa-20100217-asa addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. These vulnerabilities may allow an attacker to gain unauthorized access to an affected system or cause a denial-of-service condition.
Security advisory cisco-sa-20100217-csa addresses multiple vulnerabilities in the Cisco Security Agent. These vulnerabilities may allow an attacker to execute arbitrary SQL commands, view and download arbitrary files, or cause a denial-of-service condition.
US-CERT encourages users and systems administrators to review Cisco security advisories cisco-sa-20100217-fwsm, cisco-sa-20100217-asa, and cisco-sa-20100217-csa and apply any necessary updates to mitigate the risks.
Oracle Releases Security Alert for WebLogic Server Vulnerability
Tagged as alert, command, execution, Oracle, security, vulnerability, WebLogic
US-CERT encourages users and administrators to review the Oracle security alert and apply any necessary updates to help mitigate the risks.
Microsoft Releases Security Advisory 980088
Tagged as 980088, advisory, IE, Internet Explorer, Microsoft, protected mode, security, US-CERT
US-CERT encourages users and administrators to review Microsoft Security Advisory 980088 and apply the suggested workarounds of running Internet Explorer in Protected Mode and setting the Internet zone security setting to High to mitigate the risk of unwanted information disclosure.